<?php

session_start();

################################################################################
#+============================================================================+#
#+ Powered by TUGGO Open Source Content Mangement System (www.TUGGO.org)	  +#
#+ Code in this package is subject to the liscence in the root directory.	  +#
#+============================================================================+#
#+ TUGGO (beta) 1.0  |  Developed by Paul Cheek (pcheek@tuggo.org)			  +#
#+============================================================================+#
################################################################################

## *****************************************************************************
################################################################################
####################  (START) TUGGO Standard Configuration  ####################
################################################################################
## *****************************************************************************

/* Include TUGGO system configuration file */
include("tuggo.inc.php");

/* Connect to the database using variables defined above */
$connect = mysql_connect(MYSQLHOST, MYSQLUSERNAME, MYSQLPASSWORD) 
	or die("Could not connect to MySQL server!");

/* Select the database after connecting to the database */
$selected = mysql_select_db(MYSQLDATABASE, $connect) 
	or die("Could not select the database!");

/* Function to retrieve data from the config table of your database */
function info($id) {
$query = "SELECT * FROM config WHERE id='$id'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
	$sqlcount++;
echo $row['value'];
mysql_free_result($result);
}

## *****************************************************************************
################################################################################
#####################  (END) TUGGO Standard Configuration  #####################
################################################################################
## *****************************************************************************

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<link rel="stylesheet" href="admin/loginstyle.css" />
<title><?php info(1); ?> &raquo; Login</title>
</head>
<body>

<?php if($_GET['function'] == "logout") { ?>

	<?php
		$_SESSION["user"] = "";
		$_SESSION["pass"] = "";
		$_SESSION["displayname"] = "";
		$_SESSION["email"] = "";
		$_SESSION["id"] = "";
		$_SESSION["uid"] = "";
	session_destroy();
	?>
	<div id="loginbox">
	<div id="check"><img src="admin/images/check.png" alt="Success" style="float: left;" />&nbsp;You have been logged out.</div><br/>
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=login" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Password:
							</td>
							<td class="right2">
								<input type="password" name="password" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Login &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>

<?php } elseif($_GET['function'] == "login") { ?>

<?php 
$result = mysql_query('SELECT * FROM users WHERE username="' . $_POST['username'] . '"') or die(mysql_error());
 
		$row = mysql_fetch_array($result);
		$uusername = $row["username"];
		$upassword = $row["password"];
		$udisplayname = $row["displayname"];
		$uemail = $row["email"];
		$uid = $row["id"];
 
$seeif = mysql_num_rows($result);
if($seeif == 0) { ?>

	<div id="loginbox">
	<div id="error"><img src="admin/images/alert.png" alt="Success" style="float: left;" />&nbsp;There was a problem with your credentials.</div><br/>
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=login" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Password:
							</td>
							<td class="right2">
								<input type="password" name="password" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Login &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>
	
<?php } elseif ($seeif != 0) {
	$comppass = md5($_POST['password']);
	if ($comppass != $upassword) { ?>
	
	<div id="loginbox">
	<div id="error"><img src="admin/images/alert.png" alt="Success" style="float: left;" />&nbsp;There was a problem with your credentials.</div><br/>
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=login" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Password:
							</td>
							<td class="right2">
								<input type="password" name="password" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Login &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>
	
	<?php } elseif ($comppass == $upassword) {
		
		$_SESSION["user"] = $uusername;
		$_SESSION["pass"] = $compass;
		$_SESSION["displayname"] = $udisplayname;
		$_SESSION["email"] = $uemail;
		$_SESSION["id"] = $uid;
		$_SESSION["uid"] = $uid;
		?>
	
	<div id="loginbox">
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<b>Thanks for logging in to TUGGO!</b><br/>
					<a href="admin/">Continue to the admin control panel &raquo;</a>
					 <meta http-equiv="REFRESH" content="2; URL=admin/">
					
				</td>
			</tr>
		</table>
	</div>
	<?php
	}
}
?>

<?php } elseif($_GET['function'] == "lostpassword") { ?>


	
	<?php if(isset($_GET['step'])) { ?>
	<?php if($_GET['step'] == "2") {
	
		$username = $_POST['username'];
		$email = $_POST['email'];
		$ip = $_SERVER["REMOTE_ADDR"];
		
		if(isset($username) && $username != "" && isset($email) && $email != "") {

		$query = "SELECT * FROM users WHERE username = '" . $username . "' ORDER BY id ASC";
		$result = mysql_query($query) or die(mysql_error());
		$row = mysql_fetch_array($result);
		
		$seeif = mysql_num_rows($result);
		if($seeif == 0) { ?>
		
	<div id="loginbox">
	<div id="error"><img src="admin/images/alert.png" alt="Success" style="float: left;" />&nbsp;Sorry, that username does not exist.</div><br/>
	
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=lostpassword&step=2" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Email:
							</td>
							<td class="right2">
								<input type="text" name="email" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Recover my Password &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>
	
		<?php } else { ?>
		
		<?php if($row['email'] == $email) { ?>
			
			<?php
			$to = $email;
			$subject = "TUGGO Password Recovery  (Powered by TUGGO)";

				$message = "Someone, hopefully you, has used the password recovery tool to retrieve the password for the account that is associated with this email address.  If you did not request your password then you may want to take the necessary actions with the user's IP address below.  Assuming that it was you who requested your password, your account information is listed below...\n\nUsername: " . $row['username'] . "\nPassword: " . $row['password'] . "\nIP Used: " . $ip . "\n\nSincerely,\nThe TUGGO Group\n<a href='http://tuggo.org'>www.TUGGO.org</a>";

			$from = "system@tuggo.org";
			$headers = "From: $from";
			mail($to,$subject,$message,$headers);
			?>
			
			<?php echo $email; ?>
			
	<div id="loginbox">
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<b>An email has been sent...</b><br/>
					<a href="login.php">Return to system login &raquo;</a>
					 <meta http-equiv="REFRESH" content="2; URL=login.php">
					
				</td>
			</tr>
		</table>
	</div>
			
		<?php } else { ?>
		
	<div id="loginbox">
	<div id="error"><img src="admin/images/alert.png" alt="Success" style="float: left;" />&nbsp;There was an error with your credentials.</div><br/>
	
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=lostpassword&step=2" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Email:
							</td>
							<td class="right2">
								<input type="text" name="email" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Recover my Password &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>
	
	<?php } // close if the email isnt valid ?>
	
	<?php } // close if the user isnt valid ?>
	
	<?php } else { // close if all of the fields are valid ?>
	
	<div id="loginbox">
	<div id="error"><img src="admin/images/alert.png" alt="Success" style="float: left;" />&nbsp;There was an error with your credentials.</div><br/>
	
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=lostpassword&step=2" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Email:
							</td>
							<td class="right2">
								<input type="text" name="email" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Recover my Password &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>
	
	<?php } ?>
	<?php } else { ?>
	<div id="loginbox">
	<div id="error"><img src="admin/images/alert.png" alt="Success" style="float: left;" />&nbsp;There was an error with your credentials.</div><br/>
	
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=lostpassword&step=2" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Email:
							</td>
							<td class="right2">
								<input type="text" name="email" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Recover my Password &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>
	<?php } ?>
	<?php } else { ?>
	
	<div id="loginbox">
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=lostpassword&step=2" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Email:
							</td>
							<td class="right2">
								<input type="text" name="email" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Recover my Password &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>
	
	<?php } ?>
	
		

		
		

<?php } else { ?>

	<?php 
	if (isset($_SESSION["displayname"])) { ?>
    	<div id="loginbox">
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<b>You are currently being transferred...</b><br/>
					<a href="admin/">Continue to the admin control panel &raquo;</a>
					 <meta http-equiv="REFRESH" content="2; URL=admin/index.php">
					
				</td>
			</tr>
		</table>
	</div>
	<?php } elseif (!isset($_SESSION["displayname"])) { ?>
	<div id="loginbox">
		<table cellspacing="0" cellpadding="0" border="0">
			<tr>
				<td class="left">
					<img src="admin/logo3.png" alt="TUGGO" style="height: 40px;" />
				</td>
				<td class="right">
				
					<form action="login.php?function=login" method="POST">
					<table cellspacing="0" cellpadding="0" border="0" class="table2">
						<tr>
							<td class="left2" width="300">
								Username:
							</td>
							<td class="right2" style="padding-bottom: 2px;">
								<input type="text" name="username" />
							</td>
						</tr>
						<tr>
							<td class="left2">
								Password:
							</td>
							<td class="right2">
								<input type="password" name="password" />
							</td>
						</tr>
						<tr>
							<td class="bottom2" colspan="2">
								<input type="submit" value="Login &raquo;" />
							</td>
						</tr>
					</table>
					</form>
					
				</td>
			</tr>
		</table>
	</div>
<?php 
} 

} ?>

<table cellspacing="0" cellpadding="0" border="0" class="table2" style="margin-left: auto; margin-right: auto; margin-top: 5px; width: 320px;">
	<tr>
		<td class="left2" style="width: 200px; text-align: left; padding: 2px;">
			<?php if($_GET['function'] == "lostpassword") { ?>
			<a href="login.php">System Login</a>
			<?php } else { ?>
			<a href="login.php?function=lostpassword">Password Recovery</a>
			<?php } ?>
		</td>
		<td class="right2" style="text-align: right; padding: 2px;">
			<a href="<?php info(2); ?>"><?php info(1); ?></a>
		</td>
	</tr>
</table>

</body>
</html>
<?php

/* Close MySQL connection that is currently open */
mysql_close($connect);

?>